Okta Classic Engine | Okta Integration Network | Answered | 2024-04-15T12:52:09.000Z | 2018-03-01T05:54:03.000Z | 2018-08-15T09:46:47.000Z
Azure Active Directory provisioning for Intune, EMS, or any Microsoft online service
Is it possible to provision using lifecycle management to Azure Active Directory? Currently I have a Microsoft EMS subscription with no Office 365 services, and users log onto their machines using their Azure AD credentials. I want to link this to Okta for provisioning, so that when a user is assigned in Okta to Intune, their account is created in Azure Active Directory and the user is assigned the EMS E3 license and associated services. Additionally, when they leave the company their Azure AD account is automatically disabled.

Does this exist, and if not, when will it be developed? Going forward there should be an integration directly with Azure AD rather than Office 365, and users simply select which Microsoft license they want to assign as part of an assignment to user or group. Office 365 E(1, 3, 5) should simply be one of many selections, and should reflect the license list available from Microsoft that can be programmatically assigned.

  • t4g7y (t4g7y)

    I agree with your comment "integration directly with AAD vs o365". You can set up what you're seeking (assuming you're 100% cloud). There are some hurdles you'll need to overcome (such as group management) and conditional access, if you're using AAD conditional access. Reach out to me if you have specific questions... The people I've spoken to at Okta support don't have many answers to pure cloud deployments. It's very disappointing considering all the startups and other orgs transitioning to 100% cloud.
    Selected as Best
  • BernieD.42590 (Customer)

    I've since worked out that the Office 365 integration is essentially an integration into Azure Active Directory, where the purchased products and SKUs are pulled in dynamically via API. I have since been able to deploy a configuration purely for Intune E3 and AAD P1 without any Office 365 links. Would be good to have the option to customise some of the links for the home page beyond the 'hard coded' list provided by Okta but for the particular use case there is no need for any of the links anyway, merely the federation and automated provisioning. Also made use of the feature to accumulate license rather than replace, allowing me to create numerous group assignments that update licenses for users rather than using the priority to overwrite the license configuration.

    A bit of confusion for me initially with the OIN application listed as Office 365 but is essentially all from the same Azure AD platform. Now will be waiting for Okta to introduce device trust for Windows 10 desktops via MDM rather than AD deployments, hopefully the macOS device trust is similar.

This question is closed.